The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

• AutoCanada Hit by Cyberattack | SecurityWeek
• The State of Ransomware in State and Local Government 2024 | Sophos
• Expert counters downplaying of Columbus ransomware-related data breach | SCMagazine
• CIRCIA feedback update: Critical infrastructure providers weigh in on NPRM | Security Intelligence
• Scammers dupe chemical company into wiring $60 million | HelpNetSecurity

IT Vulnerabilities & Security Updates

• Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR | SecurityWeek
• Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution | Center for Internet Security (CIS)
• Fortinet, Zoom Patch Multiple Vulnerabilities | SecurityWeek
• Research Uncovers New Microsoft Outlook Vulnerability | InfoSecurity Magazine
• Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now | BleepingComputer
• SolarWinds Urges Upgrade After Revealing Critical RCE Bug | InfoSecurity Magazine
• Server-Side Template Injection: A Critical Vulnerability Threatening Web Applications | CheckPoint
• Chipmaker Patch Tuesday: Intel, AMD Address Over 110 Vulnerabilities | SecurityWeek
• The AMD SinkClose security hole is dangerous. Here's how to protect your systems | ZDNet
• 20-year-old hardware flaw found in AMD chips | SCMagazine

IT Malware, Threats & Risks

• Multiple Malware Dropped Through MSI Package | SANS Internet Storm Center
• Humans remain as key cloud security weak point | SCMagazine
• Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments | Palo Alto Unit42
• The Chinese Communist Party (CCP): A Quest for Data Control | Center for Internet Security (CIS)
• Unit 42 Attack Surface Threat Research: Over 23% of Internet-Connected Exposures Involve Critical IT and Security Infrastructure | Palo Alto Unit42

Ransomware/Extortion

• RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks | The Hacker News
• Black Basta-Linked Attackers Target Users with SystemBC Malware | The Hacker News
• Ransomware recap: Top threat actors, exploited vulnerabilities in H1 2024 | SCMagazine

Cyber Resilience, General Awareness & AI

• Building a nation-scale evidence base for cyber deception | UK-NCSC
• Mastering Endpoint Security | A CISO’s Blueprint for Resilience | SentinelOne
• Delta vs. CrowdStrike: The duties vendors owe to customers – or do they? | HelpNetSecurity
• Unconfirmed Hack of 2.9 Billion Records at National Public Data Sparks Media Frenzy Amid Lawsuits | SecurityWeek
• AI risks are everywhere - and now MIT is adding them all to one database | ZDNet
• How to Prevent Your First AI Data Breach | BleepingComputer